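How to change the security style of a volume from UNIX to NTFS in ONTAP 9
Applies to
ONTAP 9
Description
This article explains how to modify the security style of an existing volume/qtree and how to propagate NTFS permissions to subfolders and files in ONTAP 9.
Procedure
- Modify the security style of the volume or qtree to NTFS: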
::> volume modify -vserver vserver_name -volume volume_name -security-style ntfs
- After the security style is changed, the root of the volume is updated
- Example:
Cluster::> vserver security file-directory show -vserver Vs1 -path /vol1
Vserver: Vs1
File Path: /vol1
File Inode Number: 96
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8004
Owner:BUILTIN\Administrators
Group:BUILTIN\Administrators
DACL - ACEs
ALLOW-Everyone-0x1f01ff-(Inherited)
ALLOW-Everyone-0x10000000-OI|CI|IO (Inherited)
- The only change made to any child object is the security style
- Example:
Cluster::> vserver security file-directory show -vserver Vs1 -path /vol1/new.txt
Vserver: Vs1
File Path: /vol1/new.txt
File Inode Number: 102
Security Style: ntfs
Effective Style: unix
DOS Attributes: 20
DOS Attributes in Text: ---A----
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 1
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: -
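- Perform the following steps on the Windows side to propagate the DACL information to subfolders and files.
- Access the share from Windows, then open the "Advanced" option on the "Security" tab under "Properties"
- Click "Change" next to the owner and select the appropriate user
- Select the option "Replace all child object permission entries with inheritable permission entries from this object", then click Apply
Note: You can add or remove DACL entries on the parent folder as needed before selecting the option above.
- After this process completes, all child objects show NTFS as the effective security style and have NTFS ACLs applied
- Until this process completes, ONTAP enforces UNIX permissions
Additional Information
- Output of file-directory show for the qtree and the files/folders beneath it when the security style of the qtree is UNIX
- Example: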
::> file-directory show -vserver svm01 -path /vol1/tree3
(vserver security file-directory show)
Vserver: svm01
File Path: /vol1/tree3
File Inode Number: 1346562
Security Style: unix
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 755
UNIX Mode Bits in Text: rwxr-xr-x
ACLs: -
::> file-directory show -vserver svm01 -path /vol1/tree3/folder1
(vserver security file-directory show)
Vserver: svm01
File Path: /vol1/tree3/folder1
File Inode Number: 1346564
Security Style: unix
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 1
UNIX Mode Bits: 755
UNIX Mode Bits in Text: rwxr-xr-x
ACLs: -
::> file-directory show -vserver svm01 -path /vol1/tree3/folder1/file2.txt
(vserver security file-directory show)
Vserver: svm01
File Path: /vol1/tree3/folder1/file2.txt
File Inode Number: 1346565
Security Style: unix
Effective Style: unix
DOS Attributes: 20
DOS Attributes in Text: ---A----
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 1
UNIX Mode Bits: 755
UNIX Mode Bits in Text: rwxr-xr-x
ACLs: -
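- Output of file-directory show for the qtree and the files/folders beneath it when the security style of the qtree has been modified to NTFS and permissions have not been inherited to the child objects from a Microsoft Windows client
- Example:
::> file-directory show -vserver svm01 -path /vol1/tree3
(vserver security file-directory show)
Vserver: svm01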
File Path: /vol1/tree3
File Inode Number: 1346562
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8004
Owner:BUILTIN\Administrators
Group:BUILTIN\Administrators
DACL - ACEs
ALLOW-Everyone-0x1f01ff
ALLOW-Everyone-0x10000000-OI|CI|IO
::> file-directory show -vserver svm01 -path /vol1/tree3/folder1
(vserver security file-directory show)
Vserver: svm01
File Path: /vol1/tree3/folder1
File Inode Number: 1346564
Security Style: ntfs
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 1
UNIX Mode Bits: 755
UNIX Mode Bits in Text: rwxr-xr-x
ACLs: -
::> file-directory show -vserver svm01 -path /vol1/tree3/folder1/file2.txt
(vserver security file-directory show)
Vserver: svm01
File Path: /vol1/tree3/folder1/file2.txt
File Inode Number: 1346565
Security Style: ntfs
Effective Style: unix
DOS Attributes: 20
DOS Attributes in Text: ---A----
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 1
UNIX Mode Bits: 755
UNIX Mode Bits in Text: rwxr-xr-x
ACLs: -
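- Output of file-directory show for the qtree and the files/folders beneath it when the security style of the qtree has been modified to NTFS and permissions have been inherited to the child objects from a Microsoft Windows client
- Example:
::> file-directory show -vserver svm01 -path /vol1/tree3/folder1
(vserver security file-directory show)
Vserver: svm01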
File Path: /vol1/tree3/folder1
File Inode Number: 1346564
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 1
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8504
Owner:BUILTIN\Administrators
Group:NASLAB\Domain Users
DACL - ACEs
ALLOW-Everyone-0x1f01ff-OI|CI (Inherited)
::> file-directory show -vserver svm01 -path /vol1/tree3/folder1/file2.txt
(vserver security file-directory show)
Vserver: svm01
File Path: /vol1/tree3/folder1/file2.txt
File Inode Number: 1346565
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 20
DOS Attributes in Text: ---A----
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 1
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8504
Owner:BUILTIN\Administrators
Group:NASLAB\Domain Users
DACL - ACEs
ALLOW-Everyone-0x1f01ff-(Inherited)
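
The following Python example is added here and is not part of the original article or any NetApp tooling. It parses captured `vserver security file-directory show` output and reports objects whose security style is ntfs while the effective style is still unix (UNIX permissions still enforced), plus any ALLOW ACE that gives Everyone full control, which the propagation step copies to every child object. The sample input is constructed and the function names are hypothetical.

```python
import re
# Constructed sample in the layout of "vserver security file-directory show".
SAMPLE = r"""
Vserver: svm01
File Path: /vol1/tree3
Security Style: ntfs
Effective Style: ntfs
ALLOW-Everyone-0x1f01ff
ALLOW-Everyone-0x10000000-OI|CI|IO
Vserver: svm01
File Path: /vol1/tree3/folder1
Security Style: ntfs
Effective Style: unix
UNIX Mode Bits: 755
ACLs: -
"""

ACE_RE = re.compile(r"^(ALLOW|DENY)-(.+?)-(0x[0-9a-fA-F]+)(?:-.*)?$")
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")
FULL_CONTROL, GENERIC_ALL = 0x1F01FF, 0x10000000  # Windows access-mask values

def parse_records(text):
    """Split CLI output into one dict per object; ACEs are collected as tuples."""
    records, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Vserver:"):  # each object's output starts here
            cur = {"aces": []}
            records.append(cur)
        if cur is None:
            continue
        ace, field = ACE_RE.match(line), FIELD_RE.match(line)
        if ace:
            cur["aces"].append((ace.group(1), ace.group(2), int(ace.group(3), 16)))
        elif field:
            cur[field.group(1)] = field.group(2)
    return records

def assess(rec):
    """Findings for one object: pending propagation, Everyone full control."""
    out = []
    if rec.get("Security Style") == "ntfs" and rec.get("Effective Style") == "unix":
        out.append("pending: UNIX mode %s enforced" % rec.get("UNIX Mode Bits"))
    for kind, trustee, mask in rec["aces"]:
        full = (mask & FULL_CONTROL) == FULL_CONTROL or bool(mask & GENERIC_ALL)
        if kind == "ALLOW" and trustee == "Everyone" and full:
            out.append("Everyone allowed full control (%#x)" % mask)
    return out

def report(text):
    return {r["File Path"]: assess(r) for r in parse_records(text)}
```

Run `report()` on the parent's output before selecting the replace-child-permissions option, and on a sample of children afterwards to confirm none remain in the pending state.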